PA 500 running PANOS 6.1.2
We have regional blocks in place that block inbound traffic originating from non-US IP's. However, we have discovered a bit of a dilemma.
We have found that an IP such as 220.127.116.11 originates from Ireland and geomaps as such, but according to whois query is registered to MS in Redmond, WA. So, it is allowed through despite the security policy blocking non US traffic.
I have just begun to look for solutions to this and wanted to see if anyone else here had come up with a a fix without me looking to reinvent the wheel.
Thanks in advance.
Thanks for the response Gregoux, but my situation is kind of the reverse of what the linked discussion addresses.
In my case, the source address is out of say Germany or England, or Ireland, but the IP is registered with ARIN to Microsoft or Amazon. We've tested reflecting from sites outside the US. If the reflecting site uses an IP that is part of MS or AWS's range then even though the signal originates from outside the US, the PA classifies it as from within the US. I have tried adding custom objects based on Lat/Long, without any changes in results.
I'll keep digging.
Lets say if IP is outside USA and PANW locates it within USA, than you should open a case. They can update information in next content version.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!